Skip to main content
Announcements
Join us at Qlik Connect for 3 magical days of learning, networking,and inspiration! REGISTER TODAY and save!
cancel
Showing results for 
Search instead for 
Did you mean: 
agigliotti
Partner - Champion
Partner - Champion

double user license attribution in a multi cloud deployments (QCS & QSEoW)

Hi,
Currently I have a multi cloud deployment with 1 QSEoW and 1 QCS sharing the same SLK.
I have configured Okta Idp on both deployments as SSO.
Everything works fine except for the needed to assign double license for a single user because it has two different IdP subject values on "QMC->License->Assigned users" page:
"OKTA\username@company.com" for the one coming from QSEoW  (where OKTA is the user directory and username@company.com is the User ID)
an alphanumeric  string for ex. "00u303axcemsducvz4x6" for the one coming from QCS.
How can I manage this?
Can someone drive me to the right direction?
Many thanks in advance.
Best regards
Andrea

Labels (3)
3 Replies
Leigh_Kennedy
Employee
Employee

This is configured in the 'Claims mapping' section of your identity provider in the administration console.  Be very careful making changes here as you can lock yourself out if you make a mistake.   

Regards.

agigliotti
Partner - Champion
Partner - Champion
Author

Hi @Leigh_Kennedy ,

Is there a way to avoid lock myself out making some changes on IdP claims mapping settings ?
Please let me know.
Many thanks in advance for your collaboration.
Most important thing stay safe and take care.
Best regards
Andrea

AlexOmetis
Partner Ambassador
Partner Ambassador

Just logged my journey of discovery and not quite fixing this issue with Azure AD... https://community.qlik.com/t5/Qlik-Sense-SaaS-Multi-Cloud/Avoiding-duplication-of-users-between-QSE-... 

 

@agigliotti In terms of making sure you don't get locked out...

  • In SaaS make sure you have the details of the original login that set up the tenant as you can login with the Qlik ID as this can be used as a recovery point. Also check the validation carefully - if it doesn't look right, don't accept it and revert your changes and revalidate.
  • In on-prem, make sure you have another virtual proxy configured you can use (e.g. NTLM) and make sure you mark your user as "Delete prohibited".
Qlik Partner Ambassador 2024